PT-2024-18260 · WordPress · Sharkdropship For Aliexpress Dropshipping/Affiliate
Name of the Vulnerable Software and Affected Versions: The Sharkdropship for AliExpress Dropshipping and Affiliate plugin for WordPress versions up to, and including, 2.2.4 Description: The issue is related to a missing capability check on the wads removeProductFromShop function, which allows...
Tinyproxy <= 1.11.1 Information Disclosure Vulnerability
Tinyproxy is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:banu:tinyproxy"; i...
SQL injection
Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeProduct.php...
PT-2023-15496 · Unknown · Lead Management System
Name of the Vulnerable Software and Affected Versions: Lead Management System version 1.0 Description: The issue concerns SQL Injection via the id parameter in the "removeProduct.php" endpoint. This allows for potential manipulation of database queries. Recommendations: For Lead Management System...
Lead Management System SQL Injection Vulnerability
Lead management system is a lead management system developed by Mayuri K. The Lead Management System v1.0 version is vulnerable to SQL injection, which stems from the lack of validation of external input SQL statements in the id parameter of removeProduct.php, which could be used by attackers to...
rConfig <= 3.x Multiple Vulnerabilities
rConfig is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:rconfig:rconfig"; if description...
CVE-2022-0412
The TI WooCommerce Wishlist WordPress plugin before 1.40.1, TI WooCommerce Wishlist Pro WordPress plugin before 1.40.1 do not sanitise and escape the itemid parameter before using it in a SQL statement via the wishlist/removeproduct REST endpoint, allowing unauthenticated attackers to perform SQL...
WordPress SQL Injection Vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. A SQL injection vulnerability exists in versions of the WordPress TI WooCommerce Wishlist plugin prior to 1.40.1, which stem...
FTPDMIN <= 0.96 Multiple DoS Vulnerabilities
FTPDMIN is prone to multiple denial of service DoS vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Smartweares HOME easy Information Disclosure Vulnerability
Smartweares HOME easy is prone to an information disclosure vulnerability. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...
NREL BEopt <= 2.8.0.0 RCE Vulnerability
NREL BEopt is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nrel:beopt"; if...
Geneko Routers Information Disclosure Vulnerability
Geneko Router version 3.18.21 is vulnerable to an information disclosure vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Multiple Vendors '/servlets/FetchFile' Multiple Vulnerabilities - Active Check
Multiple vulnerabilities affecting the remote device have been found. These vulnerabilities allow uploading of arbitrary files and their execution, arbitrary file download with directory traversal, use of a weak algorithm for storing passwords and session hijacking. SPDX-FileCopyrightText: 2016...
DSS TFTP Server <= 1.0 Path Traversal Vulnerability - Active Check
DSS TFTP Server is prone to a path traversal vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
haneWIN DNS Server Denial Of Service Vulnerability
This host is running haneWIN DNS server and is prone to denial of service vulnerability. OpenVAS Vulnerability Test $Id: gbhanewindnsserverdosvuln.nasl 6769 2017-07-20 09:56:33Z teissa $ haneWIN DNS Server Denial Of Service Vulnerability Authors: Antu Sanadi Copyright: Copyright c 2014 Greenbone...
WordPress Cloudsafe365 Plugin 'file' Parameter Remote File Disclosure Vulnerability
The Cloudsafe365 plugin for WordPress is prone to a file-disclosure vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...
Joomla 'com_easyfaq' Component Multiple SQL Injection Vulnerabilities
This host is running Joomla EasyFAQ component and is prone to multiple sql injection vulnerabilities. OpenVAS Vulnerability Test $Id: secpodjoomlacomeasyfaqsqlinjvuln.nasl 5950 2017-04-13 09:02:06Z teissa $ Joomla 'comeasyfaq' Component Multiple SQL Injection Vulnerabilities Authors: Sooraj KS...
XnView JPEG2000 Plugin Buffer Overflow Vulnerability (Windows)
This host has XnView installed and is prone to buffer overflow vulnerability. Vulnerabilities Insight: The flaw is due to an error in the JPEG2000 plugin in Xjp2.dll, when processing a JPEG2000 JP2 file with a crafted Quantization Default QCD marker segment. OpenVAS Vulnerabilities Test $Id:...
Windows Media Player Denial Of Service Vulnerability
This host is installed with Windows Media Player and is prone to denial of service vulnerability. OpenVAS Vulnerability Test $Id: secpodwinmediaplayerdosvuln.nasl 7019 2017-08-29 11:51:27Z teissa $ Windows Media Player Denial Of Service Vulnerability Authors: Madhuri D Copyright: Copyright c 2011...
WebSVN Multiple XSS Vulnerabilities (Dec 2011)
WebSVN is prone to multiple cross-site scripting XSS vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Copyright C 2011 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are...